[PATCH] sys_getppid oopses on debug kernel

From: Kirill Korotaev
Date: Tue Aug 08 2006 - 06:18:54 EST


The sys_getppid() optimization can access freed memory.
On kernels with DEBUG_SLAB turned on, this results in an
Oops.

Signed-Off-By: Kirill Korotaev <dev@xxxxxxxxxx>

--- ./kernel/timer.c.ppiddbg 2006-07-14 19:11:06.000000000 +0400
+++ ./kernel/timer.c 2006-08-08 14:19:24.000000000 +0400
@@ -1342,6 +1342,7 @@ asmlinkage long sys_getpid(void)
asmlinkage long sys_getppid(void)
{
int pid;
+#ifndef CONFIG_DEBUG_SLAB
struct task_struct *me = current;
struct task_struct *parent;

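Review bot: Opening `#ifndef CONFIG_DEBUG_SLAB` before the declarations of `me` and `parent` ties the entire lockless fast path, and its local variables, to a slab-debugging option that has nothing to do with process lifetime; a reader of this function later will not know why a memory debugging knob selects the locking strategy. Consider splitting the two strategies into separately named static helpers (e.g. a lockless and a locked variant) and keeping the `#ifdef` at a single call site, with a comment explaining that DEBUG_SLAB is only the configuration under which the unsafe access becomes visible.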
@@ -1364,6 +1365,16 @@ asmlinkage long sys_getppid(void)
#endif
break;
}
+#else
+ /*
+ * ->real_parent could be released before dereference and
+ * we accessed freed kernel memory, which faults with debugging on.
+ * Keep it simple and stupid.
+ */
+ read_lock(&tasklist_lock);
+ pid = current->group_leader->real_parent->tgid;
+ read_unlock(&tasklist_lock);
+#endif
return pid;
}
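Review bot: The `#else` branch fixes the symptom only under CONFIG_DEBUG_SLAB, but the comment in the hunk itself states the real problem: "->real_parent could be released before dereference and we accessed freed kernel memory". That use-after-free exists whether or not slab debugging is enabled; DEBUG_SLAB merely poisons the freed object so that the stale read faults instead of silently returning whatever value happens to be there. Either the locked path (`read_lock(&tasklist_lock); pid = current->group_leader->real_parent->tgid; read_unlock(&tasklist_lock);`) should become the unconditional implementation, or the lockless path should be made safe against the parent being freed, rather than gating the correct code on a debug option.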